Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Options-Based Security-Oriented Framework for Addressing Uncerainty Issues in IT Security
KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektroniksystem.
2010 (Engelska)Doktorsavhandling, monografi (Övrigt vetenskapligt)
Abstract [en]

Continuous development and innovation in Information Technology introduces novel configuration methods, software development tools and hardware components. This steady state of flux is very desirable as it improves productivity and the overall quality of life in societies. However, the same phenomenon also gives rise to unseen threats, vulnerabilities and security concerns that are becoming more critical with the passage of time. As an implication, technological progress strongly impacts organizations’ existing information security methods, policies and techniques, making obsolete existing security measures and mandating reevaluation, which results in an uncertain IT infrastructure. In order to address these critical concerns, an options-based reasoning borrowed from corporate finance is proposed and adapted for evaluation of security architecture and decision- making to handle them at organizational level. Options theory has provided significant guidance for uncertainty management in several domains, such as Oil & Gas, government R&D and IT security investment projects. We have applied options valuation technique in a different context to formalize optimal solutions in uncertain situations for three specific and identified uncertainty issues in IT security. In the research process, we formulated an adaptation model for expressing options theory in terms useful for IT security which provided knowledge to formulate and propose a framework for addressing uncertainty issues in information security. To validate the efficacy of this proposed framework, we have applied this approach to the SHS (Spridnings- och Hämtningssystem) and ESAM (E-Society) systems used in Sweden. As an ultimate objective of this research, we intend to develop a solution that is amenable to automation for the three main problem areas caused by technological uncertainty in information security: i) dynamically changing security requirements, ii) externalities caused by a security system, iii) obsoleteness of evaluation. The framework is general and capable of dealing with other uncertainty management issues and their solutions, but in this work we primarily deal with the three aforementioned uncertainty problems. The thesis presents an in-depth background and analysis study for a proposed options-based security-oriented framework with case studies for SHS and ESAM systems. It has also been assured that the framework formulation follows the guidelines from industry best practices criteria/metrics. We have also proposed how the whole process can be automated as the next step in development.

Ort, förlag, år, upplaga, sidor
Stockholm: KTH , 2010. , xvi, 178 s.
Serie
Trita-ICT-ECS AVH, ISSN 1653-6363 ; 10:04
Nationell ämneskategori
Datavetenskap (datalogi)
Forskningsämne
SRA - Informations- och kommunikationsteknik
Identifikatorer
URN: urn:nbn:se:kth:diva-24327ISBN: 978-91-7415-707-9 (tryckt)OAI: oai:DiVA.org:kth-24327DiVA: diva2:346569
Disputation
2010-09-13, SAL D, KTH-Forum, Isafjordagatan 39, Kista, 15:00 (Engelska)
Opponent
Handledare
Anmärkning
QC 20100902Tillgänglig från: 2010-09-02 Skapad: 2010-09-01 Senast uppdaterad: 2010-09-02Bibliografiskt granskad

Open Access i DiVA

Fulltext saknas

Sök vidare i DiVA

Av författaren/redaktören
Abbas, Haider
Av organisationen
Elektroniksystem
Datavetenskap (datalogi)

Sök vidare utanför DiVA

GoogleGoogle Scholar

isbn
urn-nbn

Altmetricpoäng

isbn
urn-nbn
Totalt: 886 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf